1.

What are the SQL Server Agent Proxy and its sub-system?

Answer»

SQL injection is a web hacking technique, carried out by unauthorized personnel or processes, that might destroy your database.

The major challenge is that SQL injection can cause a system crash, stolen data, data corruption, etc.

Proper SQL instance, OS and firewall security, together with a well-written application, can help reduce the risk of SQL injection.

Development\DBA

  • Validate or filter the SQL commands that are being passed by the front end
  • Validate data types and parameters
  • Use stored procedures with parameters in place of dynamic SQL
  • Remove old installables from application & database servers
  • Remove old backups, application files & user profiles
  • Restrict commands from executing with a semicolon, EXEC, CAST, SET, two dashes, apostrophe, special characters, etc.
  • Restrict the option of CMD execution or 3rd party execution
  • Grant DB users limited or least possible rights

Infra\Server

  • Latest Patches
  • Restricted Access
  • Updated Antivirus

Network Administration

  • Allow traffic from required addresses or domains
  • Firewall settings to be reviewed on a regular basis to prevent SQL Injection attacks
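The Development\DBA items on typed parameters, stored procedures in place of dynamic SQL, and least rights for DB users can be seen together in T-SQL. This is an added example, not code from the original page; the table `dbo.Customers`, the three procedure names and the user `app_user` are hypothetical.

```sql
-- Constructed sample schema; all object names here are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL
);
GO

-- Weak form: the caller's text is concatenated into the statement,
-- so the server parses it as SQL instead of treating it as data.
CREATE PROCEDURE dbo.FindCustomer_Dynamic
    @LastName NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened form: static statement with a typed parameter. The value is
-- bound as NVARCHAR(50) data and is never parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Param
    @LastName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, LastName
    FROM dbo.Customers
    WHERE LastName = @LastName;
END;
GO

-- Where dynamic SQL cannot be avoided, keep the values parameterized
-- by passing them through sp_executesql rather than concatenating.
CREATE PROCEDURE dbo.FindCustomer_SafeDynamic
    @LastName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = @p_name';
    EXEC sys.sp_executesql @sql, N'@p_name NVARCHAR(50)', @p_name = @LastName;
END;
GO

-- Least rights: the application user may execute the static procedure
-- and is given no direct permissions on the table.
CREATE USER app_user WITHOUT LOGIN;
GRANT EXECUTE ON OBJECT::dbo.FindCustomer_Param TO app_user;
```

Because dynamic SQL runs under the caller's own permissions, `app_user` could not use the `sp_executesql` variant without an additional grant on the table, which is one more reason to prefer the static procedure.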

